Add Kubernetes liveness/readiness probes and middleware order validation

- Split /health into /health/live (liveness) and /health/ready (readiness)
  following Kubernetes conventions. Combined /health retained for backward
  compatibility with existing Docker HEALTHCHECK definitions.
- Add ReadyCheck and ReadyResponse models for structured readiness output.
- Add _assert_middleware_order() startup check enforcing:
  RateLimit → Csrf → CorrelationId middleware chain.
- Register CorrelationIdMiddleware, CsrfMiddleware, RateLimitMiddleware
  in create_app() with documented required order (reverse of processing).
- Add correlation.py, csrf.py, rate_limit.py middleware modules.
- Add health probe tests in test_health_probes.py.
- Update test_main.py with middleware order assertion tests.
- Update frontend useFetchData hook tests.
- Docs: update Deployment.md with Kubernetes probe config examples.

backend/tests/test_main.py

@@ -12,7 +12,15 @@ from httpx import ASGITransport, AsyncClient
 from app.config import Settings
 from app.db import init_db
 from app.exceptions import ConfigValidationError, ConfigWriteError, JailNotFoundError
-from app.main import CORSMiddleware, _enforce_single_worker, _lifespan, create_app
+from app.main import (
+    CORSMiddleware,
+    _assert_middleware_order,
+    _enforce_single_worker,
+    _lifespan,
+    create_app,
+)
+from app.middleware.correlation import CorrelationIdMiddleware
+from app.middleware.rate_limit import RateLimitMiddleware
 from app.services import setup_service
 
 
@@ -450,14 +458,23 @@ async def test_startup_loads_geo_cache_from_persisted_runtime_database(tmp_path:
     exit_stack.enter_context(patch("app.services.geo_cache.GeoCache.load_cache_from_db", new=load_cache))
     exit_stack.enter_context(patch("app.services.geo_cache.GeoCache.count_unresolved", new=AsyncMock(return_value=0)))
     exit_stack.enter_context(patch("app.services.setup_service.is_setup_complete", new=AsyncMock(return_value=True)))
-    exit_stack.enter_context(patch("app.services.setup_service.get_runtime_database_path", new=AsyncMock(return_value=runtime_db_path)))
-    exit_stack.enter_context(patch("app.services.setup_service.get_persisted_runtime_settings", new=AsyncMock(return_value={
-        "database_path": runtime_db_path,
-        "fail2ban_socket": "/tmp/persisted.sock",
-        "timezone": "Europe/Berlin",
-        "session_duration_minutes": 123,
-    })))
-    exit_stack.enter_context(patch("app.services.setup_service.get_fail2ban_db_path", new=AsyncMock(return_value="/tmp/fail2ban/banned.tar.bz2")))
+    exit_stack.enter_context(patch(
+        "app.services.setup_service.get_runtime_database_path",
+        new=AsyncMock(return_value=runtime_db_path),
+    ))
+    exit_stack.enter_context(patch(
+        "app.services.setup_service.get_persisted_runtime_settings",
+        new=AsyncMock(return_value={
+            "database_path": runtime_db_path,
+            "fail2ban_socket": "/tmp/persisted.sock",
+            "timezone": "Europe/Berlin",
+            "session_duration_minutes": 123,
+        }),
+    ))
+    exit_stack.enter_context(patch(
+        "app.services.setup_service.get_fail2ban_db_path",
+        new=AsyncMock(return_value="/tmp/fail2ban/banned.tar.bz2"),
+    ))
     exit_stack.enter_context(patch("app.tasks.health_check.register"))
     exit_stack.enter_context(patch("app.tasks.blocklist_import.register"))
     exit_stack.enter_context(patch("app.tasks.geo_cache_flush.register"))
@@ -466,8 +483,9 @@ async def test_startup_loads_geo_cache_from_persisted_runtime_database(tmp_path:
 
     with exit_stack:
         async with _lifespan(app):
-            loaded_db_path = load_cache.call_args.args[0]
-            runtime_connections = [conn for path, conn in opened_connections if path == runtime_db_path]
+            runtime_connections = [
+                conn for path, conn in opened_connections if path == runtime_db_path
+            ]
             assert runtime_connections, "Expected runtime database to be opened"
 
             assert app.state.runtime_settings is not None
@@ -538,6 +556,91 @@ async def test_concurrent_requests_use_request_scoped_db_connections(tmp_path: P
     assert all(connection.close.await_count == 1 for connection in connections)
 
 
+# ---------------------------------------------------------------------------
+# Middleware order validation
+# ---------------------------------------------------------------------------
+
+
+def _make_settings(tmp_path: Path) -> Settings:
+    """Return a minimal Settings object with a temporary fail2ban config dir."""
+    fail2ban_config_dir = tmp_path / "fail2ban"
+    fail2ban_config_dir.mkdir()
+    return Settings(
+        database_path=str(tmp_path / "bangui.db"),
+        fail2ban_socket="/tmp/fake_fail2ban.sock",
+        fail2ban_config_dir=str(fail2ban_config_dir),
+        session_secret="test-secret-key-do-not-use-in-production",
+        session_duration_minutes=60,
+        timezone="UTC",
+        log_level="debug",
+    )
+
+
+def test_create_app_raises_on_incorrect_middleware_order(
+    tmp_path: Path,
+    monkeypatch: pytest.MonkeyPatch,
+) -> None:
+    """_assert_middleware_order() raises AssertionError when middleware order is wrong.
+
+    The security-critical chain requires:
+    RateLimitMiddleware → CsrfMiddleware → CorrelationIdMiddleware
+    in user_middleware (processing order: outermost → innermost).
+    """
+    monkeypatch.setenv("TESTING", "1")
+    settings = _make_settings(tmp_path)
+    app = create_app(settings=settings)
+    # Swap CorrelationIdMiddleware and RateLimitMiddleware to break the order.
+    user_mw = app.user_middleware
+    corr_idx = next(i for i, m in enumerate(user_mw) if m.cls.__name__ == "CorrelationIdMiddleware")
+    rate_idx = next(i for i, m in enumerate(user_mw) if m.cls.__name__ == "RateLimitMiddleware")
+    user_mw[corr_idx], user_mw[rate_idx] = user_mw[rate_idx], user_mw[corr_idx]
+    with pytest.raises(AssertionError, match="must be registered before"):
+        _assert_middleware_order(app)
+
+
+def test_middleware_order_validation_passes_for_correct_order(
+    tmp_path: Path,
+    monkeypatch: pytest.MonkeyPatch,
+) -> None:
+    """_assert_middleware_order() does not raise when middleware order is correct."""
+    monkeypatch.setenv("TESTING", "1")
+    settings = _make_settings(tmp_path)
+    app = create_app(settings=settings)
+    _assert_middleware_order(app)  # Should not raise
+
+
+def test_create_app_validates_middleware_order_at_startup(
+    tmp_path: Path,
+    monkeypatch: pytest.MonkeyPatch,
+) -> None:
+    """create_app() raises immediately if middleware registration order is incorrect.
+
+    This test verifies the integration: _assert_middleware_order is called at the
+    end of create_app, so a fresh app with deliberately wrong middleware order
+    (simulated by patching add_middleware during creation) raises AssertionError.
+    """
+    monkeypatch.setenv("TESTING", "1")
+    settings = _make_settings(tmp_path)
+
+    from starlette.applications import Starlette
+
+    original_add = Starlette.add_middleware
+
+    def swapping_add(self, middleware_cls: type, **kwargs: object) -> None:
+        """Patched add_middleware that swaps CorrelationId and RateLimit."""
+        if middleware_cls is CorrelationIdMiddleware:
+            pass  # Skip CorrelationId
+        elif middleware_cls is RateLimitMiddleware:
+            original_add(self, RateLimitMiddleware, **kwargs)
+            original_add(self, CorrelationIdMiddleware)
+        else:
+            original_add(self, middleware_cls, **kwargs)
+
+    with patch.object(Starlette, "add_middleware", swapping_add), \
+         pytest.raises(AssertionError, match="must be registered before"):
+        create_app(settings=settings)
+
+
 # ---------------------------------------------------------------------------
 # Single-worker enforcement
 # ---------------------------------------------------------------------------